Phase-Based Bit Commitment Protocol
Janis Nötzel, Anshul Singhal, Peter van Loock
TL;DR
This work addresses secure two‑party bit commitment by adopting an assumption‑based approach in continuous‑variable quantum optics. It proposes a phase‑encoded protocol where the network provider secures the transmission channel, achieving ε‑security under honest‑but‑curious behavior by bounding Alice and Bob’s cheating probabilities. The security analysis yields explicit bounds: Bob’s cheating probability $p_{CB}$ decays as $\mathcal{O}\left(\left(\frac{t^2}{M}\right)^{M/2}\right)$ and Alice’s cheating probability $p_{CA}$ decays as $\exp\left(- E k 4 \sin^2\left(\tfrac{\pi}{2M}\right)\right)$, with parameter choices ensuring $\max\{p_{CA},p_{CB}\}\le\epsilon$. A Mayers attack is discussed via purifications, suggesting it requires sophisticated high‑energy entangled states and is not easily realized with simple linear optics. The work highlights how physically grounded assumptions can bridge no‑go results and practical implementations, potentially enabling secure private computation in current quantum‑optical platforms.
Abstract
With the rise of artificial intelligence and machine learning, a new wave of private information is being flushed into applications. This development raises privacy concerns, as private datasets can be stolen or abused for non-authorized purposes. Secure function computation aims to solve such problems by allowing a service provider to compute functions of datasets in the possession of a a data provider without reading the data itself. A foundational primitive for such tasks is Bit Commitment (BC), which is known to be impossible to realize without added assumptions. Given the pressing nature of the topic, it is thus important to develop BC systems and prove their security under reasonable assumptions. In this work, we provide a novel quantum optical BC protocol that uses the added assumption that the network provider will secure transmission lines against eavesdropping. Under this added assumption, we prove security of our protocol in the honest but curious setting and discuss the hardness of Mayer's attack in the context of our protocol.